SlideShare una empresa de Scribd logo

5.3. Undercover communications

defconmoscow
defconmoscow

Meeting #5.

Internet
1 de 32
Descargar para leer sin conexión
Undercover communications By Dennis Gamayunov Feb 15, 2014
/whoami Dennis Gamayunov  Security researcher  Network security over 10 years  Interests: kittens and stuff Work at . . .
A bit of history • User communications: – BBS – late 1970s – SMTP – 1982 – IRC – 1988 – ICQ – 1996 • Crypto: – PGP - 1991
Privacy issues • Unencrypted – anyone accessing the network may read the messages • Unauthenticated – anyone may pretend to be anyone else • But… deniable
PGP Install GnuPG, generate a pair of keys for yourself; a "public key" and a "private key". The private key is like a regular key. You will use it to sign and decrypt your messages You publish your public key by sending it to a PGP key server on the Internet. People who wish to send you private email use a copy of your key to encrypt the message. You keep the (private) key to yourself, so that only you can open and read (and sign) the messages.
PGP WoT • Anyone can upload keys to “Key Servers”- even fake keys • Authenticity of this public key can be checked as • If you can verify that a key belongs to its owner, you can sign that key, indicating that you have verified ownership • Identify voice • If not known, any one else could say he is owner of key Make a call • Check key properties Visit him • Search for another person who verify his identity WOT
Example WoT
Trolling WoT would you sign this key? pub 1024D/1B629B3D 2005-12-27 Key fingerprint = 965E F829 EA6C 9174 4B46 43E1 4513 9A86 1B62 9B3D uid u1tr4 l4s3r <seekrit@hax0r.com> sub 2048g/1F8E2EEA 2005-12-27 what would you need to know before you did?
Trolling WoT • OHM2013 talk on fake PGP identities – https://www.eff.org/event/ohm2013-trolling- web-trust • Sample tool available: https://github.com/micahflee/trollwot – Add fake signatures to keys – Brute force PGP key id (and fingerprint) – Create fake identities for given names and e-mails and build WoT for them
PGP issues • Usability of public-key fingerprints – Hard to remember and pronounce • Pseudo-word fingerprints https://github.com/trevp/keyname • Fake WoTs • Lack of forward secrecy – Stolen keys break all security properties of past messages
Target scenario • Assumptions – Alice and Bob both know how to use PGP – They both know each other’s public keys – They don’t want to hide the fact that they talked, just what they talked about The Internet Alice Bob Bad Guys
Now bad guys act • Bob’s computer is stolen by “bad guys” – Criminals, competitors – Subpoenaed by the FBI • Or just broken into – Virus, trojan, spyware, black bag job • All his key material is recovered – Oh no! • Bad guys now can: – Decrypt past messages – Learn their content – Learn that Alice sent them • And have a mathematical proof they can show to anyone else • How private is that?
Lots of PGP-based projects available • PGP-powered e-mail • IM clients: – Jabber (Pidgin et al) – ICQ/AIM – Basically any IM may be a transport for PGP-MIME • Even WoT implementations for the Web and OpenSSH – http://web.monkeysphere.info/
SILC • Stands for Secure Internet Live Conferencing. • Designed as a secure replacement for IRC (Internet Relay Chat), released in 2000. • Also has some features of instant messaging. • Stable implementations for clients and servers are available. (http://www.silcnet.org)
SILC protocol • A server handles channel maintenance and accepts connections from clients. • A client connects to a server to join and part channels. • A channel is a group of clients that are in the same conversation. • No one outside a channel is supposed to be able to listen in on the conversation. • It is assumed that each client has already established a session key with each server to which it talks
Protocol description (Client) • If entity A sends something to entity B in SILC, it is always encrypted with the session key between A and B. • A client initially connects to a server. • A connected client can request to join a channel on a server. • The client knows that it has joined the channel when it receives a channel key from the server. • Every time a client joins or parts a channel, a new channel key is generated and distributed among the remaining channel members. • Each channel message, instead of being with the session key, is encrypted with the channel key. However, the packet header (which stores the source and destination) is still encrypted with the session key. • A client, when it parts a channel, notifies the server so that it may update the channel roster and regenerate the channel key.
Protocol description (Server) • A server, when it receives a join request for a channel from a client, adds that client to the channel roster if it is not already there. • A server, when it receives a part request for a channel from a client, removes that client from the channel roster if it is there. • If the channel roster changes, a new session key is created and distributed to all remaining clients in the channel roster. • Whenever a message for a channel is received from a client of which it is a member, it is broadcast to all clients in the channel roster. (Only the header is reencrypted.)
Protocol example C1 C2S Connect Connect Join #silctalk generated-silctalk-key(1) {Message: “I’m all alone.”}(1) {C1 message: “I’m all alone.”}(1) Join #silctalk generated-silctalk-key(2) generated-silctalk-key(2) {Message: “Sup C1.”}(2) {C2 Message: “Sup C1.”}(2) {C2 Message: “Sup C1.”}(2) Part #silctalk generated-silctalk-key(3) Part #silctalk You have joined channel #silctalk C1: I’m all alone. C2 has joined channel #silctalk C2: Sup C1. You have parted channel #silctalk You have channel #silctalk C2: Sup C1. C1 has parted channel #silctalk You have channel #silctalk
Forward secrecy • SILC regenerates the channel key on each part/leave • Users may additionally negotiate static permanent channel encryption key – Channel messages not visible to the server – Key management is hard
OTR • Designed by cryptographers Ian Goldberg and Nikita Borisov in 2004 • Key features in addition for common encryption: – Perfect forward secrecy – Deniability
Real-life model for OTR: casual conversations • Alice and Bob talk in a room • No one else can hear – Unless being recorded • No one else knows what they say – Unless Alice or Bob tell them • No one can prove what was said – Not even Alice or Bob
Perfect Forward Secrecy • Use a short-lived encryption key • Encrypt your data with it • Discard it after use – Securely erase from memory • Use long-term keys to help distribute & authenticate the short-lived key
Repudiable Authentication • Do not want digital signatures – Leave non-repudiation for contracts, not conversations • Do want authentication – Can’t maintain privacy if attackers can impersonate friends • Use Message Authentication Codes (MACs)
MAC Operation Data MAC MAC MK Data MAC MACMK =? Alice Bob
No Third-Party Proofs • Shared key authentication – Alice and Bob have same MK – MK required to compute MAC • Bob cannot prove that Alice generated the MAC – He could have done it, too – Anyone who can verify can also forge
OTR Protocol phase 1: AKE • Alice and Bob pick random x, y resp. • A->B: gx, SignAlice(gx) • B->A: gy, SignBob(gy) • SS=gxy a shared secret • Signatures authenticate the shared secret, not content
OTR phase 2: Message Transmission • Compute EK=Hash(SS), MK=Hash(EK) • A->B: EncEK(M), MAC(EncEK(M),MK) • Enc is symmetric encryption (AES) • Bob verifies MAC using MK, decrypts M using EK • Confidentiality and authenticity is assured
OTR: re-keying • Alice and Bob pick x’,y’ • A->B: gx’, MAC(gx’, MK) • B->A: gy’, MAC(gy’, MK) • SS’ = H(gx’y’) • EK’ = H(SS’), MK’=H(EK’) • Alice and Bob securely erase SS, x, y, and EK – Perfect forward secrecy
OTR limitations • Basically online – Short re-key interval – Designed for IM • Basically one-to-one – Deniable multy-party OTR is a challenge
mpOTR • Multy-party Off-the-record communications • Protocol draft proposed by Ian Goldberg et al in 2009 • Current development: – https://moderncrypto.org/ mailman/listinfo/messaging – http://lists.cypherpunks.ca/ mailman/listinfo/otr-dev – http://mpotr.secsem.ru/ • Initial implementation expected in 2014 • Channel establishment – IRC, XMPP MUC • Authentication and key establishment – Group DH • Communication – Preserving message ordering and causation • Shutdown – Publishing ephemeral keys
Other undercover options available • TorChat – Relies on TOR hidden services feature • CryptoCat – https://blog.crypto.cat/wp- content/uploads/2012/11/Cryptocat-2-Pentest- Report.pdf – Now implements OTR, bundled as browser plugin – Aims at mpOTR roadmap • Gibberbot, TextSecure, Xabber – Android • ChatSecure - iOS
Undercover communications The end.

Recomendados

New School Man-in-the-Middle
New School Man-in-the-MiddleNew School Man-in-the-Middle
New School Man-in-the-MiddleTom Eston
 
El alma de violeta
El alma de violetaEl alma de violeta
El alma de violetaSabrina Salo
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
crypto2ssh
crypto2sshcrypto2ssh
crypto2sshHasan Sharif
 
HifnCrypto101
HifnCrypto101HifnCrypto101
HifnCrypto101Jim Faith
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authenticationahmad amiruddin
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 

Recomendados

New School Man-in-the-Middle
New School Man-in-the-MiddleNew School Man-in-the-Middle
New School Man-in-the-MiddleTom Eston
 
El alma de violeta
El alma de violetaEl alma de violeta
El alma de violetaSabrina Salo
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
crypto2ssh
crypto2sshcrypto2ssh
crypto2sshHasan Sharif
 
HifnCrypto101
HifnCrypto101HifnCrypto101
HifnCrypto101Jim Faith
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authenticationahmad amiruddin
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIMESou Jana
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10Infinity Tech Solutions
 
Cryptography & Digital certificate
Cryptography & Digital certificateCryptography & Digital certificate
Cryptography & Digital certificateDeepak Kumar (D3)
 
Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.pptChSheraz3
 
Authentication: keys, MAC
Authentication: keys, MACAuthentication: keys, MAC
Authentication: keys, MACShafaan Khaliq Bhatti
 
Encryption for Everyone
Encryption for EveryoneEncryption for Everyone
Encryption for EveryoneCoastal Pet Products, Inc.
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxImXaib
 
authentication.ppt
authentication.pptauthentication.ppt
authentication.pptAchinikeWinifred
 
20 security
20 security20 security
20 securityabiy2004
 
SHA_and_DS.pdf
SHA_and_DS.pdfSHA_and_DS.pdf
SHA_and_DS.pdfSantosh Gupta
 
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Blockchain meetup
Blockchain meetupBlockchain meetup
Blockchain meetupQuantUniversity
 
Network security
Network securityNetwork security
Network securityPerfect Training Center
 
Digital Certified Mail (PPT)
Digital Certified Mail (PPT)Digital Certified Mail (PPT)
Digital Certified Mail (PPT)Matthew Chang
 
Build your own network security protocol and get away uncaught
Build your own network security protocol and get away uncaughtBuild your own network security protocol and get away uncaught
Build your own network security protocol and get away uncaughtDaniel Podolsky
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.pptIshaKanwal4
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityamit bezalel
 
Overview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsOverview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsKatie Knowles
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptxSurendraBasnet6
 
E mail security
E mail securityE mail security
E mail securitySoumya Vijoy
 
7.5. Pwnie express IRL
7.5. Pwnie express IRL7.5. Pwnie express IRL
7.5. Pwnie express IRLdefconmoscow
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]defconmoscow
 

Más contenido relacionado

Similar a 5.3. Undercover communications

PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIMESou Jana
 
Cryptography & Digital certificate
Cryptography & Digital certificateCryptography & Digital certificate
Cryptography & Digital certificateDeepak Kumar (D3)
 
Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.pptChSheraz3
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxImXaib
 
20 security
20 security20 security
20 securityabiy2004
 
Digital Certified Mail (PPT)
Digital Certified Mail (PPT)Digital Certified Mail (PPT)
Digital Certified Mail (PPT)Matthew Chang
 
Build your own network security protocol and get away uncaught
Build your own network security protocol and get away uncaughtBuild your own network security protocol and get away uncaught
Build your own network security protocol and get away uncaughtDaniel Podolsky
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.pptIshaKanwal4
 
Overview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsOverview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsKatie Knowles
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptxSurendraBasnet6
 

Similar a 5.3. Undercover communications (20)

PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIME
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
 
Cryptography & Digital certificate
Cryptography & Digital certificateCryptography & Digital certificate
Cryptography & Digital certificate
 
Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.ppt
 
Authentication: keys, MAC
Authentication: keys, MACAuthentication: keys, MAC
Authentication: keys, MAC
 
Encryption for Everyone
Encryption for EveryoneEncryption for Everyone
Encryption for Everyone
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptx
 
authentication.ppt
authentication.pptauthentication.ppt
authentication.ppt
 
20 security
20 security20 security
20 security
 
SHA_and_DS.pdf
SHA_and_DS.pdfSHA_and_DS.pdf
SHA_and_DS.pdf
 
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
 
Blockchain meetup
Blockchain meetupBlockchain meetup
Blockchain meetup
 
Network security
Network securityNetwork security
Network security
 
Digital Certified Mail (PPT)
Digital Certified Mail (PPT)Digital Certified Mail (PPT)
Digital Certified Mail (PPT)
 
Build your own network security protocol and get away uncaught
Build your own network security protocol and get away uncaughtBuild your own network security protocol and get away uncaught
Build your own network security protocol and get away uncaught
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.ppt
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Overview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsOverview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server Interactions
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
 
E mail security
E mail securityE mail security
E mail security
 

Más de defconmoscow

7.5. Pwnie express IRL
7.5. Pwnie express IRL7.5. Pwnie express IRL
7.5. Pwnie express IRLdefconmoscow
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]defconmoscow
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2defconmoscow
 
7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hackingdefconmoscow
 
7.1. SDLC try me to implenment
7.1. SDLC try me to implenment7.1. SDLC try me to implenment
7.1. SDLC try me to implenmentdefconmoscow
 
6.4. PHD IV CTF final
6.4. PHD IV CTF final6.4. PHD IV CTF final
6.4. PHD IV CTF finaldefconmoscow
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jaildefconmoscow
 
6.2. Hacking most popular websites
6.2. Hacking most popular websites6.2. Hacking most popular websites
6.2. Hacking most popular websitesdefconmoscow
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protectiondefconmoscow
 
6. [Bonus] DCM MI6
6. [Bonus] DCM MI66. [Bonus] DCM MI6
6. [Bonus] DCM MI6defconmoscow
 
5.2. Digital forensics
5.2. Digital forensics5.2. Digital forensics
5.2. Digital forensicsdefconmoscow
 
5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]defconmoscow
 
5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt5. [Daily hack] Truecrypt
5. [Daily hack] Truecryptdefconmoscow
 
4.5. Contests [extras]
4.5. Contests [extras]4.5. Contests [extras]
4.5. Contests [extras]defconmoscow
 
4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardwaredefconmoscow
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditionsdefconmoscow
 
4.2. Web analyst fiddler
4.2. Web analyst fiddler4.2. Web analyst fiddler
4.2. Web analyst fiddlerdefconmoscow
 
4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitationdefconmoscow
 
3.3. Database honeypot
3.3. Database honeypot3.3. Database honeypot
3.3. Database honeypotdefconmoscow
 

Más de defconmoscow (20)

7.5. Pwnie express IRL
7.5. Pwnie express IRL7.5. Pwnie express IRL
7.5. Pwnie express IRL
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2
 
7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking
 
7.1. SDLC try me to implenment
7.1. SDLC try me to implenment7.1. SDLC try me to implenment
7.1. SDLC try me to implenment
 
6.4. PHD IV CTF final
6.4. PHD IV CTF final6.4. PHD IV CTF final
6.4. PHD IV CTF final
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail
 
6.2. Hacking most popular websites
6.2. Hacking most popular websites6.2. Hacking most popular websites
6.2. Hacking most popular websites
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection
 
6. [Bonus] DCM MI6
6. [Bonus] DCM MI66. [Bonus] DCM MI6
6. [Bonus] DCM MI6
 
5.2. Digital forensics
5.2. Digital forensics5.2. Digital forensics
5.2. Digital forensics
 
5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]
 
5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt
 
4.5. Contests [extras]
4.5. Contests [extras]4.5. Contests [extras]
4.5. Contests [extras]
 
4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditions
 
4.2. Web analyst fiddler
4.2. Web analyst fiddler4.2. Web analyst fiddler
4.2. Web analyst fiddler
 
4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation
 
3.3. Database honeypot
3.3. Database honeypot3.3. Database honeypot
3.3. Database honeypot
 
3.2. White hat
3.2. White hat3.2. White hat
3.2. White hat
 

Último

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.soniya singh
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 

Último (20)

6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 

5.3. Undercover communications

  • 1. Undercover communications By Dennis Gamayunov Feb 15, 2014
  • 2. /whoami Dennis Gamayunov  Security researcher  Network security over 10 years  Interests: kittens and stuff Work at . . .
  • 3. A bit of history • User communications: – BBS – late 1970s – SMTP – 1982 – IRC – 1988 – ICQ – 1996 • Crypto: – PGP - 1991
  • 4. Privacy issues • Unencrypted – anyone accessing the network may read the messages • Unauthenticated – anyone may pretend to be anyone else • But… deniable
  • 5. PGP Install GnuPG, generate a pair of keys for yourself; a "public key" and a "private key". The private key is like a regular key. You will use it to sign and decrypt your messages You publish your public key by sending it to a PGP key server on the Internet. People who wish to send you private email use a copy of your key to encrypt the message. You keep the (private) key to yourself, so that only you can open and read (and sign) the messages.
  • 6. PGP WoT • Anyone can upload keys to “Key Servers”- even fake keys • Authenticity of this public key can be checked as • If you can verify that a key belongs to its owner, you can sign that key, indicating that you have verified ownership • Identify voice • If not known, any one else could say he is owner of key Make a call • Check key properties Visit him • Search for another person who verify his identity WOT
  • 8. Trolling WoT would you sign this key? pub 1024D/1B629B3D 2005-12-27 Key fingerprint = 965E F829 EA6C 9174 4B46 43E1 4513 9A86 1B62 9B3D uid u1tr4 l4s3r <seekrit@hax0r.com> sub 2048g/1F8E2EEA 2005-12-27 what would you need to know before you did?
  • 9. Trolling WoT • OHM2013 talk on fake PGP identities – https://www.eff.org/event/ohm2013-trolling- web-trust • Sample tool available: https://github.com/micahflee/trollwot – Add fake signatures to keys – Brute force PGP key id (and fingerprint) – Create fake identities for given names and e-mails and build WoT for them
  • 10. PGP issues • Usability of public-key fingerprints – Hard to remember and pronounce • Pseudo-word fingerprints https://github.com/trevp/keyname • Fake WoTs • Lack of forward secrecy – Stolen keys break all security properties of past messages
  • 11. Target scenario • Assumptions – Alice and Bob both know how to use PGP – They both know each other’s public keys – They don’t want to hide the fact that they talked, just what they talked about The Internet Alice Bob Bad Guys
  • 12. Now bad guys act • Bob’s computer is stolen by “bad guys” – Criminals, competitors – Subpoenaed by the FBI • Or just broken into – Virus, trojan, spyware, black bag job • All his key material is recovered – Oh no! • Bad guys now can: – Decrypt past messages – Learn their content – Learn that Alice sent them • And have a mathematical proof they can show to anyone else • How private is that?
  • 13. Lots of PGP-based projects available • PGP-powered e-mail • IM clients: – Jabber (Pidgin et al) – ICQ/AIM – Basically any IM may be a transport for PGP-MIME • Even WoT implementations for the Web and OpenSSH – http://web.monkeysphere.info/
  • 14. SILC • Stands for Secure Internet Live Conferencing. • Designed as a secure replacement for IRC (Internet Relay Chat), released in 2000. • Also has some features of instant messaging. • Stable implementations for clients and servers are available. (http://www.silcnet.org)
  • 15. SILC protocol • A server handles channel maintenance and accepts connections from clients. • A client connects to a server to join and part channels. • A channel is a group of clients that are in the same conversation. • No one outside a channel is supposed to be able to listen in on the conversation. • It is assumed that each client has already established a session key with each server to which it talks
  • 16. Protocol description (Client) • If entity A sends something to entity B in SILC, it is always encrypted with the session key between A and B. • A client initially connects to a server. • A connected client can request to join a channel on a server. • The client knows that it has joined the channel when it receives a channel key from the server. • Every time a client joins or parts a channel, a new channel key is generated and distributed among the remaining channel members. • Each channel message, instead of being with the session key, is encrypted with the channel key. However, the packet header (which stores the source and destination) is still encrypted with the session key. • A client, when it parts a channel, notifies the server so that it may update the channel roster and regenerate the channel key.
  • 17. Protocol description (Server) • A server, when it receives a join request for a channel from a client, adds that client to the channel roster if it is not already there. • A server, when it receives a part request for a channel from a client, removes that client from the channel roster if it is there. • If the channel roster changes, a new session key is created and distributed to all remaining clients in the channel roster. • Whenever a message for a channel is received from a client of which it is a member, it is broadcast to all clients in the channel roster. (Only the header is reencrypted.)
  • 18. Protocol example C1 C2S Connect Connect Join #silctalk generated-silctalk-key(1) {Message: “I’m all alone.”}(1) {C1 message: “I’m all alone.”}(1) Join #silctalk generated-silctalk-key(2) generated-silctalk-key(2) {Message: “Sup C1.”}(2) {C2 Message: “Sup C1.”}(2) {C2 Message: “Sup C1.”}(2) Part #silctalk generated-silctalk-key(3) Part #silctalk You have joined channel #silctalk C1: I’m all alone. C2 has joined channel #silctalk C2: Sup C1. You have parted channel #silctalk You have channel #silctalk C2: Sup C1. C1 has parted channel #silctalk You have channel #silctalk
  • 19. Forward secrecy • SILC regenerates the channel key on each part/leave • Users may additionally negotiate static permanent channel encryption key – Channel messages not visible to the server – Key management is hard
  • 20. OTR • Designed by cryptographers Ian Goldberg and Nikita Borisov in 2004 • Key features in addition for common encryption: – Perfect forward secrecy – Deniability
  • 21. Real-life model for OTR: casual conversations • Alice and Bob talk in a room • No one else can hear – Unless being recorded • No one else knows what they say – Unless Alice or Bob tell them • No one can prove what was said – Not even Alice or Bob
  • 22. Perfect Forward Secrecy • Use a short-lived encryption key • Encrypt your data with it • Discard it after use – Securely erase from memory • Use long-term keys to help distribute & authenticate the short-lived key
  • 23. Repudiable Authentication • Do not want digital signatures – Leave non-repudiation for contracts, not conversations • Do want authentication – Can’t maintain privacy if attackers can impersonate friends • Use Message Authentication Codes (MACs)
  • 25. No Third-Party Proofs • Shared key authentication – Alice and Bob have same MK – MK required to compute MAC • Bob cannot prove that Alice generated the MAC – He could have done it, too – Anyone who can verify can also forge
  • 26. OTR Protocol phase 1: AKE • Alice and Bob pick random x, y resp. • A->B: gx, SignAlice(gx) • B->A: gy, SignBob(gy) • SS=gxy a shared secret • Signatures authenticate the shared secret, not content
  • 27. OTR phase 2: Message Transmission • Compute EK=Hash(SS), MK=Hash(EK) • A->B: EncEK(M), MAC(EncEK(M),MK) • Enc is symmetric encryption (AES) • Bob verifies MAC using MK, decrypts M using EK • Confidentiality and authenticity is assured
  • 28. OTR: re-keying • Alice and Bob pick x’,y’ • A->B: gx’, MAC(gx’, MK) • B->A: gy’, MAC(gy’, MK) • SS’ = H(gx’y’) • EK’ = H(SS’), MK’=H(EK’) • Alice and Bob securely erase SS, x, y, and EK – Perfect forward secrecy
  • 29. OTR limitations • Basically online – Short re-key interval – Designed for IM • Basically one-to-one – Deniable multy-party OTR is a challenge
  • 30. mpOTR • Multy-party Off-the-record communications • Protocol draft proposed by Ian Goldberg et al in 2009 • Current development: – https://moderncrypto.org/ mailman/listinfo/messaging – http://lists.cypherpunks.ca/ mailman/listinfo/otr-dev – http://mpotr.secsem.ru/ • Initial implementation expected in 2014 • Channel establishment – IRC, XMPP MUC • Authentication and key establishment – Group DH • Communication – Preserving message ordering and causation • Shutdown – Publishing ephemeral keys
  • 31. Other undercover options available • TorChat – Relies on TOR hidden services feature • CryptoCat – https://blog.crypto.cat/wp- content/uploads/2012/11/Cryptocat-2-Pentest- Report.pdf – Now implements OTR, bundled as browser plugin – Aims at mpOTR roadmap • Gibberbot, TextSecure, Xabber – Android • ChatSecure - iOS